99% of security issues are going to be from using weak (or no) passwords, and social engineering. An added step I do is remove the default debian user, and add my own user. Of course anyone who's read my blog posts, or has seen me paste commands etc, including my username, but obviously I'd change that when the image went to production.

Anyway, security through obscurity is really not security at all, and security really depends on what you need / do. Some things, like forking processes for instance, can potentially be a security risk. But when you're unsure, google x.y.z + debian + security, and 9 times out of 10 you'll get some decent information. There really is so much to cover that you're never going to get a full understanding just from a single thread on these groups.

Oh, and like the last user said, remove root. Or rather just disable root, after it is no longer needed as such:

$ sudo passwd -l root

I think that is right . . . also for what it's worth, hosts.allow and hosts.deny are deprecated on the most recent Debian releases . . .

On Tue, Dec 16, 2014 at 4:00 PM, jmelson <[email protected]> wrote:
> On Sunday, December 7, 2014 5:24:23 PM UTC-6, Tommi wrote:
>> Hey,
>>
>> I am using the BBB for backup (via BTSync, this also gives me some
>> troubles lately, but that is a different story...). I am thinking of
>> bringing the BBB to work (at a university) to get a real off-site backup.
>> However, I am not sure what steps I should take in order to make sure
>> nobody can access my files there. So my questions are:
>>
>> 1) What should I do to make sure it is secure? I think I would even be
>> happy only to access it via USB and the webserver of BTsync (port 8888)
>
> First, have ONLY one user account, and be sure ROOT can't be logged into
> from the net.
> Two, install denyhosts, and set a very restrictive policy, like two
> failed login attempts within
> two weeks and that IP is locked out for 6 months. I used to get 1000
> login attempts a day.
> The botnets actually did a scientific probing sequence to find out what
> the horizon of the
> lockout was, and once they determined it remembered failed logins for a
> two week window,
> immediately the attempts fell off to about 2 a day! denyhosts was the
> best security
> thing I ever found to deter the hackers.
>
> Of course, shut down all unnecessary services.
>
> Jon

--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
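
The lockout policy described in the quoted reply (two failed logins inside a two-week window, then a six-month block), modelled over constructed log lines. This is an added example, not denyhosts' own code or configuration and not from either poster; the ISO-timestamped log format and the 182-day approximation of six months are assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(weeks=2)     # how long a failed login is remembered
THRESHOLD = 2                   # failures inside WINDOW that trigger a block
LOCKOUT = timedelta(days=182)   # "6 months", approximated as 182 days (assumption)

# Constructed sshd-style lines with ISO timestamps (not real log data).
SAMPLE_LOG = """\
2014-12-01T03:10:00 sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
2014-12-01T09:00:00 sshd[830]: Failed password for invalid user admin from 198.51.100.9 port 5111 ssh2
2014-12-09T22:45:00 sshd[902]: Failed password for root from 203.0.113.7 port 4377 ssh2
2014-12-10T08:00:00 sshd[910]: Accepted publickey for tommi from 192.0.2.20 port 6000 ssh2
2014-12-20T09:00:00 sshd[990]: Failed password for invalid user admin from 198.51.100.9 port 5200 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def lockouts(log_text):
    """Return {ip: blocked_until} for each IP reaching THRESHOLD inside WINDOW."""
    recent = {}    # ip -> timestamps of failures still inside the window
    blocked = {}   # ip -> datetime at which the block expires
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                      # successful logins and other lines
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in blocked and when < blocked[ip]:
            continue                      # already locked out
        # Forget failures older than the window, then record this one.
        hits = [t for t in recent.get(ip, []) if when - t <= WINDOW] + [when]
        recent[ip] = hits
        if len(hits) >= THRESHOLD:
            blocked[ip] = when + LOCKOUT
    return blocked

if __name__ == "__main__":
    for ip, until in lockouts(SAMPLE_LOG).items():
        print(f"{ip} blocked until {until:%Y-%m-%d}")
```

Only 203.0.113.7 is blocked in the sample: the two failures from 198.51.100.9 are 19 days apart, so the first has aged out of the two-week window before the second arrives.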
